initial commit

2026-04-17 00:08:11 +09:00
parent 92f61ab30e
commit 0d5b982af8
28 changed files with 1695 additions and 1 deletions
--- a/.codex/agents/harness-reviewer.toml
+++ b/.codex/agents/harness-reviewer.toml
@@ -0,0 +1,11 @@
+name = "harness_reviewer"
+description = "Read-only reviewer for Harness projects, focused on architecture drift, critical rule violations, and missing validation."
+model = "gpt-5.4"
+model_reasoning_effort = "high"
+sandbox_mode = "read-only"
+developer_instructions = """
+Review changes like a repository owner.
+Prioritize correctness, architecture compliance, behavior regressions, and missing tests over style.
+Always compare the patch against AGENTS.md, docs/ARCHITECTURE.md, docs/ADR.md, and the requested acceptance criteria.
+Lead with concrete findings and file references. If no material issues are found, say so explicitly and mention residual risks.
+"""
--- a/.codex/agents/phase-planner.toml
+++ b/.codex/agents/phase-planner.toml
@@ -0,0 +1,12 @@
+name = "phase_planner"
+description = "Read-heavy Harness planner that decomposes docs into minimal, self-contained phase and step files."
+model = "gpt-5.4"
+model_reasoning_effort = "high"
+sandbox_mode = "read-only"
+developer_instructions = """
+Plan before implementing.
+Read AGENTS.md and the docs directory, identify the smallest coherent phase boundaries, and draft self-contained steps.
+Keep each step scoped to one layer or one module when possible.
+Do not make code changes unless the parent agent explicitly asks you to write files.
+Return concrete file paths, acceptance commands, and blocking assumptions.
+"""
--- a/.codex/config.toml
+++ b/.codex/config.toml
@@ -0,0 +1,9 @@
+# Project-scoped Codex defaults for the Harness template.
+# As of 2026-04-15, hooks are experimental and disabled on native Windows.
+
+[features]
+codex_hooks = true
+
+[agents]
+max_threads = 6
+max_depth = 1
--- a/.codex/hooks.json
+++ b/.codex/hooks.json
@@ -0,0 +1,28 @@
+{
+  "hooks": {
+    "PreToolUse": [
+      {
+        "matcher": "Bash",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "python3 \"$(git rev-parse --show-toplevel)/.codex/hooks/pre_tool_use_policy.py\"",
+            "statusMessage": "Checking risky shell command"
+          }
+        ]
+      }
+    ],
+    "Stop": [
+      {
+        "hooks": [
+          {
+            "type": "command",
+            "command": "python3 \"$(git rev-parse --show-toplevel)/.codex/hooks/stop_continue.py\"",
+            "statusMessage": "Running Harness validation",
+            "timeout": 300
+          }
+        ]
+      }
+    ]
+  }
+}
--- a/.codex/hooks/pycache/pre_tool_use_policy.cpython-312.pyc
+++ b/.codex/hooks/pycache/pre_tool_use_policy.cpython-312.pyc
--- a/.codex/hooks/pycache/stop_continue.cpython-312.pyc
+++ b/.codex/hooks/pycache/stop_continue.cpython-312.pyc
--- a/.codex/hooks/pre_tool_use_policy.py
+++ b/.codex/hooks/pre_tool_use_policy.py
@@ -0,0 +1,47 @@
+#!/usr/bin/env python3
+"""Block obviously destructive shell commands before Codex runs them."""
+
+from __future__ import annotations
+
+import json
+import re
+import sys
+
+
+BLOCK_PATTERNS = (
+    r"\brm\s+-rf\b",
+    r"\bgit\s+push\s+--force(?:-with-lease)?\b",
+    r"\bgit\s+reset\s+--hard\b",
+    r"\bDROP\s+TABLE\b",
+    r"\btruncate\s+table\b",
+    r"\bRemove-Item\b.*\b-Recurse\b",
+    r"\bdel\b\s+/s\b",
+)
+
+
+def main() -> int:
+    try:
+        payload = json.load(sys.stdin)
+    except json.JSONDecodeError:
+        return 0
+
+    command = payload.get("tool_input", {}).get("command", "")
+    for pattern in BLOCK_PATTERNS:
+        if re.search(pattern, command, re.IGNORECASE):
+            json.dump(
+                {
+                    "hookSpecificOutput": {
+                        "hookEventName": "PreToolUse",
+                        "permissionDecision": "deny",
+                        "permissionDecisionReason": "Harness guardrail blocked a risky shell command.",
+                    }
+                },
+                sys.stdout,
+            )
+            return 0
+
+    return 0
+
+
+if __name__ == "__main__":
+    raise SystemExit(main())
--- a/.codex/hooks/stop_continue.py
+++ b/.codex/hooks/stop_continue.py
@@ -0,0 +1,55 @@
+#!/usr/bin/env python3
+"""Run repository validation when a Codex turn stops and request one more pass if it fails."""
+
+from __future__ import annotations
+
+import json
+import subprocess
+import sys
+from pathlib import Path
+
+
+def main() -> int:
+    try:
+        payload = json.load(sys.stdin)
+    except json.JSONDecodeError:
+        return 0
+
+    if payload.get("stop_hook_active"):
+        return 0
+
+    root = Path(payload.get("cwd") or ".").resolve()
+    validator = root / "scripts" / "validate_workspace.py"
+    if not validator.exists():
+        return 0
+
+    result = subprocess.run(
+        [sys.executable, str(validator)],
+        cwd=root,
+        capture_output=True,
+        text=True,
+        timeout=240,
+    )
+
+    if result.returncode == 0:
+        return 0
+
+    summary = (result.stdout or result.stderr or "workspace validation failed").strip()
+    if len(summary) > 1200:
+        summary = summary[:1200].rstrip() + "..."
+
+    json.dump(
+        {
+            "decision": "block",
+            "reason": (
+                "Validation failed. Review the output, fix the repo, then continue.\n\n"
+                f"{summary}"
+            ),
+        },
+        sys.stdout,
+    )
+    return 0
+
+
+if __name__ == "__main__":
+    raise SystemExit(main())